On the state of the dns-01 challenge

jhass · December 2, 2015, 10:19pm

So this thread mainly talked about client support, I’d like to talk about server support.

Are there any rough estimates on when we will see the dns-01 challenge enabled on the staging and production servers? From a brief look at boulder, it seems already implemented, the test configuration has it enabled too. I couldn’t find any issues or discussions on the state of the implementation though, and I didn’t get to just trying it with a local installation yet since I didn’t have the time and motivation for a manual installation and the docker setup is broken.

Is there any reason to not allow in-official clients to use this challenge, since it would solve many issues mentioned in many topics across this discussion board?

jsha · December 2, 2015, 11:39pm

We’re probably going to enable the DNS challenge in staging pretty soon after launch, to start testing out clients. I can’t commit to a particular launch date for turning it on in production, but we very much want to make it available soon! Subject, of course, to the usual caveats about development time and limited resources.

File an issue on the Boulder repo for the Docker issues you ran into?

jhass · December 2, 2015, 11:56pm

Well, that’s at least some good news I guess. What kind of category are we talking with “pretty soon” though? Within a week, month, two months?

One of the Docker issues would be “solved” by this old PR, but after applying it manually, it just failed somewhere else. And given things like this and a couple equally old issues are still open, I just figured that no active developer is using them anymore and so they probably would break soon enough again anyway. It simply doesn’t boot up when running ./test/run-docker.sh on a clean and latest Docker (running Archlinux here and not using Docker much for anything else).

jmhodges · December 14, 2015, 7:36pm

It's out right now in staging. Promotion to production sometime in January, we believe.

jhass · December 14, 2015, 7:39pm

When testing it with a local boulder I had to monkey patch stuff, see https://github.com/letsencrypt/boulder/issues/1242#issuecomment-164147744 Without it, it wouldn’t pass validation in any case. Did I overlook something fixing that issue?

jmhodges · December 14, 2015, 7:40pm

Nope. If you’d like to provide a PR with tests, we’d take it!

jhass · December 14, 2015, 7:46pm

I really have no idea what I’m doing there Also this: https://github.com/letsencrypt/boulder/blob/master/core/objects.go#L353 looks like you might have some more plans for additional validations, but I have no clue which.

fschulze · January 13, 2016, 10:25am

Looks like this works in letsencrypt staging now. Any ETA for production? It’s already at the same release, but it seems to be disabled for now.

joeshaw · January 20, 2016, 9:22pm

It just went to production. https://twitter.com/letsencrypt/status/689919523164721152

sweb · February 23, 2016, 5:39am

I cant find any useful documentation for DNS challenge ? any one know any guide , quick start help ?

okket · February 23, 2016, 6:49am

github.com

letsencrypt/acme-spec/blob/master/draft-barnes-acme.md#dns

# THIS DOCUMENT IS DEPRECATED

**This repository is not active and will not accurately reflect what Let's Encrypt implements.**

It's retained only for history.

All new work happens here: https://github.com/ietf-wg-acme/acme/

Topic		Replies	Views
Boulder use custom DNS resolver Issuance Tech	4	733	June 20, 2023
DNS challenge is in staging Feature Requests	49	27598	February 10, 2016
DNS Resolution Issues	13	2934	November 13, 2015
DNS-01 support? Help	3	1293	September 3, 2016
Boulder setup for HTTP-01 validations - FAKE_DNS!? Client dev	10	1045	June 20, 2021

On the state of the dns-01 challenge

Related topics